If we really get a situation where the underlying mtu is less than the minimum

we will support then dtls1_do_write can go into an infinite loop. This commit fixes that. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit d3d9eef31661633f5b003a9e115c1822f79d1870)
author: Matt Caswell <matt@openssl.org> 2014-12-02 00:16:55 +0000
committer: Matt Caswell <matt@openssl.org> 2014-12-03 09:31:39 +0000
commit: 788a5bad17ef488a0b5bcd7d6e3468fca2717911 (patch)
tree: 828918848875661d10e0a578752ab26d8940b9be /ssl/d1_both.c
parent: 1872083ca1171d40b9b519a9aefa3da7d47c5cea (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 808d4d14eb..c5957bd612 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -260,6 +260,7 @@ int dtls1_do_write(SSL *s, int type)
 	{
 	int ret;
 	int curr_mtu;
+	int retry = 1;
 	unsigned int len, frag_off, mac_size, blocksize;
 
 	if(!dtls1_query_mtu(s))
@@ -370,13 +371,15 @@ int dtls1_do_write(SSL *s, int type)
 			 * is fine and wait for an alert to handle the
 			 * retransmit 
 			 */
-			if ( BIO_ctrl(SSL_get_wbio(s),
+			if ( retry && BIO_ctrl(SSL_get_wbio(s),
 				BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0 )
 				{
 				if(!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
 					{
 					if(!dtls1_query_mtu(s))
 						return -1;
+					/* Have one more go */
+					retry = 0;
 					}
 				else
 					return -1;
author	Matt Caswell <matt@openssl.org>	2014-12-02 00:16:55 +0000
committer	Matt Caswell <matt@openssl.org>	2014-12-03 09:31:39 +0000
commit	788a5bad17ef488a0b5bcd7d6e3468fca2717911 (patch)
tree	828918848875661d10e0a578752ab26d8940b9be /ssl/d1_both.c
parent	1872083ca1171d40b9b519a9aefa3da7d47c5cea (diff)